archive

Lawsuits threaten student filesharing

Scott Brodfuehrer | Thursday, August 28, 2003

For years, students downloaded copyrighted music and other files under the anonymity of handles such as NDQTPie, GoIrish04 and BellesFan12. Most knew these downloads were not legal, but few feared they would get into trouble for downloading the latest U2 song.

But a series of court rulings and decisions by the Recording Industry of America threaten to change this culture, putting students who illegally download copyrighted files at risk of legal action.

“We are advising all students to think very carefully about the degree to which they put themselves at legal risk by downloading or sharing copyrighted files,” said Gordon Wishon, Notre Dame’s chief information officer.

Saint Mary’s has repeatedly warned students not to download copyrighted files. Notre Dame’s Office of Information Technology is planning a communications campaign with the Office of Residence Life and Housing to warn students of the increased scrutiny focused on file downloads.

The RIAA sued Verizon Internet, an Internet Service Provider, under the Digital Millenium Copyright Act earlier this year, requiring them to turn over the names of customers who they claim downloaded hundreds of copyrighted files. In April, Verizon lost an appeal to the RIAA and was forced to turn over the users’ names and information. During the summer, the RIAA began to search the Internet for users who had large numbers of copyrighted files and issued subpoenas to their Internet service providers to determine the identities of the users. The RIAA plans to use this information to file lawsuits against the users.

To date, neither Notre Dame nor Saint Mary’s has received a subpoena. In the past, both schools have received cease and desist orders, which, under the DMCA, require the copyrighted files to be removed. When these cease and desist orders were received, both schools required students to remove the files and forwarded the case to the Office of Residence Life and Housing for possible disciplinary action as a violation of the Responsible Use of Information Technology policy. However, a cease and desist order did not require that the identity of the copyright violator be turned over for possible legal action.

When the RIAA issues these subpoenas, they require that the identity of a copyright violator be disclosed. Some Universities have already received such subpoenas. Two of these, Boston College and the Massachusetts Institute of Technology, won an appeal against the RIAA and do not have to turn over students’ information because a judge said that the subpoenas issued in Washington, D.C. do not apply to the schools in Massachusetts.

Tim Flanagan, assistant vice president and general counsel at Notre Dame, said it is difficult to determine in advance if the University would appeal a subpoena if it received one because subpoenas are fact-dependent and fact-specific.

“If we were to get one, we would review the subpoena and see if it was valid and legally supported. If it was, the law requires us to disclose the identity [of the copyright violator],” Flanagan said.

To date, the RIAA’s main method of identifying copyright violators is to find users who are sharing large numbers of copyrighted files in programs such as Kazaa. As a result, many file sharers believe that they will not be targeted for legal action if they do not share files.

Wishon said this is a dangerous assumption, adding that it is possible that the RIAA may choose to use other techniques to identify violators. One of these could include setting up a “honey pot” of illegal files and identifying users who download these files.

“I personally don’t think that any student, faculty or staff member is safe from inspection if they are downloading copyrighted files,” Wishon said. “Tactics like a honey pot are used elsewhere to attract other types of illegal behavior and I wouldn’t be surprised if they were used here.”

In addition to targeting users of copyrighted files, the RIAA has also attempted to shut down file-sharing tools such as Kazaa. It was unsuccessful in shutting down these services, and a judge compared them to a VCR, stating that while a VCR could be used to violate copyright laws, there are “substantial non-infringement uses” for both VCRs and file-sharing programs.

Previously, the RIAA settled out of court a lawsuit against a Princeton student who created a tool that allowed students to easily search for and download copyrighted files.

A tool at Notre Dame that is used by many students to download files – both copyrighted and not – is called Findit. According to Allan Cooke, the creator of Findit, the program indexes files that are already shared through the campus network by users who give permission for this to occur. Last year, it indexed the files of approximately 120 users and offered them for download to any user of the campus network. Cooke is not running Findit this year because he is living off-campus, but said he gave the computer to a student who lives on campus so the program will still work.

Wishon said that OIT has no intention of blocking the use of this tool.

“We have no intent to prohibit the use of any specific technology,” Wishon said.

Flanagan declined to comment specifically on Findit, but said the law does not generally target technology.

“The law has been very slow to attack technologies that are used for illegal purposes. It attacks the illegal file sharers,” Flanagan said.

Cooke said that because Findit only provides a convenient way to download files that are already available, he believes it is not likely that he or the administrator of the tool could be held liable for the files downloaded on it.

“We are not responsible for the content on it, if we are informed of something on there that is copyrighted, we will take it down,” Cooke said.

While students who download files now risk the RIAA discovering their activities, Wishon said OIT will not be monitoring the campus network to determine if students are using copyrighted files illegally. He said the only way his office would find out about such behavior would be if it was reported to him by an outside organization.

“The OIT is not the police. We have plenty to do without tracking illegal or unethical things taking place on our network. If we are told there is content on our network that is not in compliance, we will take action,” Wishon said.